In 2004 at the World Economic Forum, Bill Gates proclaimed: "Two years from now, spam will be solved." Six years later there is no indication that the spam problem will ever be solved. So what went wrong?
The screaming headlines have been running for years. Whether they're in press releases about cybercrime exceeding international drug profits, the billions of dollars lost to breach disclosures, or videos highlighting the meltdown of power generators due to a myriad of vulnerabilities, the anti-malware industry has long relied on fear to move its products.
IT security has the potential to impact a business at every level. Few other business areas, if any, have the potential to damage customer relations, disrupt supplier dealings, lower employee productivity, lose revenue and even lead to the arrest of the CEO.
Pornography. Adult Chat Rooms. Violence. Child Stalking. Hacking. There are millions of websites that house offensive content that minors should not be exposed to, and their presence is compounded by their accessibility.
I recently read an excellent study about the impact of security and privacy on brand reputation and customer loyalty. I was looking for some solid analytical data to prove my strong belief that security can be a "competitive advantage or differentiator." This study, "Secure the Trust of Your Brand," published by The CMO [chief marketing officer] Council, corroborates my convictions regarding the importance of security. It is worth downloading and showing all executives (www.cmocouncil.org).
If you're part of a financial institution, chances are you've memorized the Federal Financial Institutions Examination Council (FFIEC) guidance chapter and verse, and, with risk assessment in hand, are in the midst of rolling out some form of consumer authentication. If yours is like most financial institutions, you approached FFIEC audits with a "good enough" mentality, meaning that whatever you install to protect people against online fraud and ID theft is better than what you had — and the less invasive to the consumer the better.
Compliance is a moving target, especially when it comes to Sarbanes-Oxley and personal data protection. Technologies change, companies grow, systems evolve and compliance programs must take these changes into account to remain effective. It is important to remember that it is not the design of the compliance program that counts, but its ability to meet its overall goal, whether it's accuracy in financial reporting or protection of customers' personal information.